User Tools

Site Tools


nginx:wsus_proxy

nginx 'WSUS config' I use at work to tunnel WSUS updates from one country to another via. low bandwidth connections (I use “wondershaper” to limit the total bandwidth of the server, as other services such as squid proxy is running too). The original page is found at the nginx wiki: WSUSProxy

You need to correct “DAZCACHE”, “YOUR.WSUS.SERVER” and “192.168.222.0/24” to make this work.

nginx.conf
user  nobody;
worker_processes  1;
 
error_log  logs/error.log  info;
 
#pid        logs/nginx.pid;
 
events {
	worker_connections  1024;
}
 
http {
	include       mime.types;
	default_type  application/octet-stream;
# Global proxy read timeout = 1 hour
	proxy_read_timeout 3600s;
 
	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
					'$status $body_bytes_sent "$http_referer" '
					'"$http_user_agent" "$http_x_forwarded_for"';
 
	access_log  logs/access.log  main;
 
	sendfile        on;
	#tcp_nopush     on;
 
	#keepalive_timeout  0;
	keepalive_timeout  1200;
 
	#gzip  on;
	server {
# Limit outgoing bandwidth pr. client
		listen       80;
		server_name  DAZCACHE;
 
		#access_log  logs/host.access.log  main;
 
		# root url - don't cache here
		location /  {
			allow 192.168.222.0/24;
			deny all;
			proxy_pass		http://YOUR.WSUS.SERVER:80;
			proxy_set_header	Host             $host;
			proxy_set_header	X-Real-IP        $remote_addr;
			proxy_set_header	X-Forwarded-For  $proxy_add_x_forwarded_for;
		}
 
		# here is static caching
		location ~* ^/Content.+\.(cab|exe|psf|CAB|EXE|PSF)$ {
			root                 cache/wsus;
			error_page           404 = @fetch;
		}
 
		location @fetch {
			internal;
 
			proxy_pass         http://YOUR.WSUS.SERVER:80;
			proxy_set_header   Range    '';
 
			proxy_set_header   Host             $host;
			proxy_set_header   X-Real-IP        $remote_addr;
			proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
 
			proxy_store           on;
 
			root                 cache/wsus;
		}
	}
}
nginx/wsus_proxy.txt · Last modified: 2015/08/15 22:56 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki